ports/71169: Update: security/samhain 1.8.10b -> 1.8.11

David Thiel lx at redundancy.redundancy.org
Mon Aug 30 22:00:44 UTC 2004

>Number:         71169
>Category:       ports
>Synopsis:       Update: security/samhain 1.8.10b -> 1.8.11
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Mon Aug 30 22:00:43 GMT 2004
>Originator:     David Thiel
>Release:        FreeBSD 4.9-STABLE i386
System: FreeBSD redundancy.redundancy.org 4.9-STABLE FreeBSD 4.9-STABLE #15: Wed Nov 19 21:41:32 PST 2003 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386


Updating the Samhain integrity checking system from 1.8.10b to 1.8.11.

Code changes include:

o for files in the IgnoreAll policy, there are no warnings (anymore) about
  'no such user/group' and/or non-printable filenames

o there is a new option HardlinkOffset=... to specify an offset from the
  canonical hardlink count for a directory

o ... and a new option AddOKChars=... to modify the set of characters in
  a filename for which a warning (about obscure/non-printable) filename
  is issued.

Port changes:

Turn off kernel integrity checking by default - building this into packages
wouldn't work anyhow, since it would only work with an identical kernel as
on the build cluster.


diff -ruN samhain/Makefile samhain.new/Makefile
--- samhain/Makefile	Thu Aug 12 04:20:28 2004
+++ samhain.new/Makefile	Mon Aug 30 14:51:38 2004
@@ -5,7 +5,7 @@
 # $FreeBSD: ports/security/samhain/Makefile,v 1.17 2004/08/11 23:00:12 pav Exp $
-# This port recognizes the following non-binary tunables:
+# This port recognizes the following non-boolean tunables:
 #	Whe building with "WITH_SERVER" defined, the username of the
@@ -17,7 +17,7 @@
 PORTNAME=	samhain
 CATEGORIES=	security
 MASTER_SITES=	http://la-samhna.de/archive/ \
@@ -26,7 +26,7 @@
 MAINTAINER=	lx at redundancy.redundancy.org
 COMMENT=	The Samhain Intrusion Detection System
-OPTIONS=	KCHECK "Enable rogue KLD detection" on \
+OPTIONS=	KCHECK "Enable rogue KLD detection" off \
 		GPG "Enable GnuPG support" off \
 		MYSQL "Enable MySQL logging" off \
 		POSTGRESQL "Enable PostgreSQL logging" off \
@@ -111,9 +111,9 @@
 .if !defined(WITHOUT_KCHECK)
-	@${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem."
-	@${ECHO_MSG} "If you're not building as root, please hit Control-C and"
-	@${ECHO_MSG} "restart the build as root."
+	@${ECHO_MSG} "Building with kernel checking requires reading /dev/kmem"
+	@${ECHO_MSG} "and /dev/mem. If you're not building as root, please hit 
+	@${ECHO_MSG} "Control-C and restart the build as root."
diff -ruN samhain/distinfo samhain.new/distinfo
--- samhain/distinfo	Thu Aug 12 04:20:28 2004
+++ samhain.new/distinfo	Mon Aug 30 14:45:54 2004
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-1.8.10b.tar.gz) = f7c638e6989cb44287e814cf008877cd
-SIZE (samhain_signed-1.8.10b.tar.gz) = 972170
+MD5 (samhain_signed-1.8.11.tar.gz) = b07d557a4fd598d9406b8338204e20f9
+SIZE (samhain_signed-1.8.11.tar.gz) = 956426

More information about the freebsd-ports-bugs mailing list